Introduction and overview
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Introduction and overview
Splunk supports custom development of various types. This topic provides an overview of the information provided in the Splunk Developer Guide.
For additional information about Splunk development, you can visit the Splunk Developer Wiki or watch a video of the first Splunk Developer Boot Camp to see other Splunk custom development projects.
Components
Find an overview of Splunk's architecture here.
Appearance
Change Splunk's appearance. You can skin/rebrand Splunk by changing the appearance of Splunk Web
REST API
Splunk 3.3 has a fully built-in REST API. Any extensions you may want to build can work easily with REST. For more information on the REST methodology, see this blog entry.
- Extension via the Splunk REST API
SDKs
The following SDKs are currently supported for Splunk's REST API:
- .NET
- Python
- python external http://code.google.com/p/splunk-python-sdk/ (for client side python)
- python built in http://code.google.com/p/splunk-labs/wiki/SplunkPythonSDK (on Splunk server)
- Java
- PHP
Visit the Splunk developer community for more examples.
Endpoints
All REST endpoints live under /services/. Navigate to your Splunk server, then type /services/ after the URI. To get to a specific endpoint or method, add the endpoint and method onto the end of the URI, after /services/. Splunk's REST API reference
Note: In versions 3.1.x and earlier, Splunk's REST endpoints were served off the Splunk Web process using the http://yourhost:8000/v3/ URL format. If you are coding against an older version of Splunk, you will need to reference the older documentation for the deprecated /v3/ endpoints. You can't use a /v3 auth token with the /services endpoints.
Use Splunk's built-in endpoints, which are all defined in $SPLUNK_HOME/etc/system/default/restmap.conf. You can [ create your own endpoint] by editing restmap.conf.
- Authentication
- Login and generate an auth token (session ID) from your Splunk server.
- Properties
- Access and set configuration file properties.
- Search
- Launch and access search jobs.
- Saved
- Access and configure saved searches.
- Streams
- Access live streaming data (like Live Tail).
- Applications
- Interact with applications installed on the Splunk server.
- SplunkBase
- Hook in directly to SplunkBase's API.
- Legacy
- Support for legacy API.
- Note: Methods available in the legacy API will be deprecated in the near future. If you use this endpoint in your code, you will need to update as new endpoints become available.
Applications
If you make something interesting and want to share it with other developers on Splunk Base, learn how to create, package and share applications via the Applications section of the Admin manual.
You can also use the Applications endpoint to create, install and update applications.
Help
If there's something you need help with, even after reading the documentation, contact Splunk support.
If there's a feature you don't see here that you want included, file an enhancement request with Splunk support.
We're always interested in your feedback.
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.